example

We want to make the following firewall rule to be applyable to different network interfaces (for e.g. different environments) with just one variable:

firewall { "010-reject-port":
  ensure      => present,
  dport       => [ 80 ],
  destination => $::ipaddress_eth0,
  proto       => 'tcp',
  action      => 'drop',
  iniface     => 'eth0',
}

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

• Prevents you from data breaches and liability risks
• Upgrade at your own pace
• Works with modern Rubies

Read more Show archive.org snapshot

We can create a $firewall_interface variable and apply it to iniface but how can we ensure that the correct ipaddress factof the corresponding interface is used for destination?

Solution:

Use getvar from the puppetlabs stdlib Show archive.org snapshot :

$firewall_interface = 'eth0'

firewall { "010-reject-port":
  ensure      => present,
  dport       => [ 80 ],
  destination => getvar("::ipaddress_${firewall_interface}"),
  proto       => 'tcp',
  action      => 'drop',
  iniface     => $firewall_interface,
}